ZaToN Ransomware Description
The ZaToN Ransomware is a file-locking Trojan that's from the Xorist Ransomware family, a free software project. The ZaToN Ransomware blocks media files worth ransoming on the computer (such as documents) by encrypting them, adds extensions into their names, and leaves ransom notes in text files, wallpapers and pop-ups. Users should ignore all ransom demands, let dedicated security solutions remove the ZaToN Ransomware and recover files from backups.
A Drizzle of Poison TEA for Some Admin's Files
Experiencing locked files on an ordinary device is terrible enough, but harmfully-wielded encryption can be a costly nightmare of data loss for server administrators. Arguably, it rubs salt into the wound when the weapon causing it is 'freeware,' as the many variants of the Xorist Ransomware. The ZaToN Ransomware is an update to the family that comes with well-known encryption as a tool for extracting Bitcoin ransoms from the victims at the other end.
The ZaToN Ransomware changes its extensions and e-mail addresses relative to older versions like the EnCryp13d Ransomware, the VuLiCaPs Ransomware, the Locks Ransomware and the GlUTe Ransomware. Otherwise, it's highly similar, with XOR or TEA encryption features that lock media formats such as documents, databases, spreadsheets, pictures, audio or movies. The Trojan also induces other system changes, including:
- Adding 'ZaToN' extension strings into the blocked files' names without removing the first extension (such as 'example-picture.bmp.ZaToN')
- Terminating media management applications for gaining maximum access to files
- Hijacking the user's wallpaper
- Launching pop-up alerts and delivering text ransom notes
While the ZaToN Ransomware asks for 0.04 Bitcoins for its file-unlocking assistance, malware experts see no victims paying the fee so far. This version of the Trojan may be cheaper than previous ones; some wallet transactions include possible ransoms roughly twice as expensive. The ZaToN Ransomware also mentions targeting servers in its campaign explicitly, although this point doesn't exclude home Windows PCs from being at risk from the data-encrypting routine.
Clearing Up an Outsourced Data Lock-Up
Although making a kit-built, file-locker Trojan 'one's own' is an almost effortless task for any threat actor, this production method has disadvantages. Users may recover their files with decryption tools specific to Xorist Ransomware's family that are just as free as the Trojan-building tool. Because these opportunities are far from available for all Trojans, malware researchers don't recommend depending on decryptors. Backups on other devices are superior for nearly all users' data security.
Confirmation of the ZaToN Ransomware's remaining Windows-based is unsurprising, but little other information on its demographics or circulation strategy is available. Users should protect themselves and their files by using strong passwords, turning off macros and script-based browser content and installing security updates. The ZaToN Ransomware may infect victims through free downloads like torrents or take advantage of manual drops from threat actors who brute-force a server's login credentials.
Stable cyber-security products are traditionally-capable of detecting variants of the Xorist Ransomware. Users protected by these programs can delete the ZaToN Ransomware at their leisure or quarantine samples for submission to researchers.
Server vulnerabilities can be open doors for criminals who habitually exploit and sabotage other people's data. The ZaToN Ransomware might be the next consequence of delaying a blog software update for a little too long, at over a thousand dollars in expenses.